vulnerability

Has Microsoft just PROVED why you should upgrade from XP?

Microsoft just published its January-to-June 2013 Security Intelligence Report.

The results seem to PROVE that you should get rid of Windows XP as soon as you can.

Paul Ducklin checks the strength of the "proof"...

Firefox moves up to Version 25, fixes a bunch of memory mismanagement problems

A brief reminder for Firefox users: version 25 is out.

As usual, there are some new and tweaked features, plus a fair number of security fixes.

Paul Ducklin takes a quick look...

Anatomy of an exploit - inside the CVE-2013-3893 Internet Explorer zero-day - Part 2

Part Two of our examination of an IE exploit.

This is a great read if you want to get a feeling for how cybercrooks think. (Don't worry if you aren't technical: it's clear and jargon-free.)

OS X Mavericks - optional OS upgrade or critical security fix?

Apple's OS X 10.9, better known as Mavericks, is officially out.

The burning question for OS X fans everywhere, of course, is, "Should I or shouldn't I?"

SSCC 120 - Vulnerabilities, backdoors, crypto done right, and crypto done wrong [PODCAST]

Ah, the irony! Good crypto from the bad guys, and bad crypto from the good guys...

Chet and Duck turn the latest security news into an insightful, amusing and educational discussion in the latest episode of their two-weekly podcast.

Facebook privacy, Google ads, D-Link security, CryptoLocker ransom - 60 Sec Security [VIDEO]

What leaves your computer standing but your data in ruins? Should Facebook teenagers be able to message the world? How can you stop Google using your photo in ads?

Find out in this week's Sophos 60 Second Security!

D-Link router flaw lets anyone login through "Joel's Backdoor"

Embedded systems hackers play around with devices like home routers and set-top boxes, to see what their proprietary hardware and firmware might reveal.

See what they just found in a range of D-Link routers - you'll want to laugh, though it's not really funny.

Anatomy of an exploit - inside the CVE-2013-3893 Internet Explorer zero-day - Part 1

The latest IE zero-day explained.

This is a great read if you want to get a feeling for how cybercrooks think.

(Don't worry if you aren't technical: we've kept the code and jargon to a minimum.)

Adobe's first update since the Big Breach - RoboHelp, Acrobat and Reader get patches

Adobe's Patch Tuesday fixes are out.

This is business as usual, promised long in advance and expected today, so there isn't anything in it related to the company's recent network intrusion woes. (We hope!)

Microsoft's Patch Tuesday is out - and the answer is, "YES, they FIXED IT!"

Microsoft's Tenth Anniversary Patch Tuesday is out, and, yes, Redmond's security gurus did patch against the recent Internet Explorer zero-day that is being exploited in the wild!

There are seven other fixes as well - Paul Ducklin has the details.

SSCC 119 - Happy 10th, Patch Tuesday - Adobe "goes open source" - Dread Pirate Roberts [PODCAST]

A wild ride this week, with Patch Tuesday turning 10, Adobe "going open source" by losing 40GB of code, and Silk Road operator Dread Pirate Roberts getting locked in the brig.

Chet and Duck turn their amusing but insightful attention to the latest security stories...

Microsoft Patch Tuesday - get ready for a bumper Tenth Birthday edition!

This month's Patch Tuesday will be the tenth anniversary of Microsoft's regular security bulletins.

Paul Ducklin takes you through what's in store...

"Mailbox" app on iPads and iPhones runs JavaScript from emails - vulnerability or feature?

Italian computer scientist Michele Spagnuolo recently wrote about what he considered a security issue in the popular iPhone and iPad email app "Mailbox."

Not everyone agreed with him...

Sophos Techknow - Understanding Vulnerabilities [PODCAST]

Make sense of vulnerability jargon by listening to this 15 minute podcast...

With recent updates from Microsoft (three times), Adobe, Oracle, Apple and Firefox, the timing could scarcely be better.

WordPress issues security fixes, advises "update your sites immediately"

Mega-popular blogging and content management system WordPress has just put out version 3.6.1.

This includes a patch for a remote code execution hole, so you are advised to update ASAP.

Adobe has Patch Tuesdays, too - a reader reminds us!

Naked Security reader Haemish Edgerton just gave us a very polite but effective scolding for neglecting to mention the Adobe fixes that came out on Tuesday.

Point taken, so here's a table of what Adobe updated, and how to see what versions you should now be on.

SSCC 116 - Google Authenticator, Apple bugs, Facebook data probes, WordPress phishing [PODCAST]

Here you are! Episode #116 of the Sophos Security Chet Chat.

News, opinion, advice and research: Chet and Duck bring you their unique and entertaining combination of all four in their regular podcast.

Apple neglects OS X privilege escalation bug for six months, gets Metasploit on its case...

Six months ago, we wrote about a risky bug in the sudo command, the Unix equivalent of Run As... on Windows.

The vulnerability is still unpatched on OS X, and now there's a Metasploit exploit pack to take advantage of the hole.

LastPass password manager gets security patch against password leakage bug

Q. Why not use a password manager that can generate hard-to-guess passwords for you, and secure them with one super-password?

A. But what if the password manager gets breached?

Heads up for Patch Tuesday: 24 hours, 8 bulletins, 3 critical, everything needs a reboot

It's that time of the month again, with Microsoft Patch Tuesday just 24 hours away.

Paul Ducklin presents this month's eight bulletins in seven handy bullet points...